<?php
namespace app\common\controller;
use think\Controller;
use think\Request;


class Openssl extends Controller
{

    public function create_key()
    {
        $config = array(
            "private_key_bits" => 1024,                     //字节数    512 1024  2048   4096 等
            "private_key_type" => OPENSSL_KEYTYPE_RSA,     //加密类型
            "config" => "E:/phpStudy/Apache/conf/openssl.cnf"
        );
        $privkeypass = 'tzld2018'; //私钥密码
        $numberofdays = 100000;     //有效时长
        $cerpath = "./cer/mhsh.cer"; //生成证书路径
        $pfxpath = "./cer/mhsh.pfx"; //密钥文件路径
        $pubpath="./cer/mhsh.txt"; //公钥
        $dn = array(    "countryName" => "UK",    "stateOrProvinceName" => "Somerset",    "localityName" => "Glastonbury",    "organizationName" => "The Brain Room Limited",    "organizationalUnitName" => "PHP Documentation Team",    "commonName" => "Wez Furlong",    "emailAddress" => "wez@example.com"); // 生成公钥私钥资源

        $res = openssl_pkey_new($config);// 导出私钥
        openssl_pkey_export($res, $priKey,null,$config);//  导出公钥 $pubKey
        $pubKey = openssl_pkey_get_details($res);
        $pubKey = $pubKey["key"];
        $fp = fopen($pubpath, "w");
        fwrite($fp, $pubKey);
        fclose($fp);//生成密钥文件
        //print_r($priKey); //私钥
        // print_r($pubKey); //公钥
        $data = '333';// 加密
        openssl_public_encrypt($data, $encrypted, $pubKey);// 解密
        openssl_private_decrypt($encrypted, $decrypted, $priKey);
        echo $pubKey;//生成文件
        $csr = openssl_csr_new($dn, $priKey,$config); //基于$dn生成新的 CSR （证书签名请求）
        $sscert = openssl_csr_sign($csr, null, $priKey, 100000,$config);//根据配置对证书进行签名
        openssl_x509_export($sscert, $csrkey); //将公钥 证书存储到一个文件$sscert，由 PEM 编码格式命名。
        openssl_pkcs12_export($sscert, $privatekey, $priKey, $privkeypass); //将私钥存储到名为的出 PKCS12 文件格式的字符串。 导出密钥$privatekey//生成证书文件
        $fp = fopen($cerpath, "w");
        fwrite($fp, $csrkey);
        fclose($fp);//生成密钥文件
        $fp = fopen($pfxpath, "w");
        fwrite($fp, $privatekey);
        fclose($fp);// 测试私钥 秘钥

    }

    public function validate_key()
    {
        //直接测试私钥 公钥

        $data = "测试数据！";
        //加密数据测试test
        //私钥加密
        $privkeypass = 'tzld2018'; //私钥密码
        $pfxpath = "./cer/mhsh.pfx"; //密钥文件路径
        $priv_key = file_get_contents($pfxpath); //获取密钥文件内容

        openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥
        $prikeyid = $certs['pkey']; //私钥
        openssl_sign($data, $signMsg, $prikeyid,OPENSSL_ALGO_SHA1); //注册生成加密信息
        $signMsg = base64_encode($signMsg); //base64转码加密信息

        //公钥解密
        $unsignMsg=base64_decode($signMsg);//base64解码加密信息

        openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥
        $pubkeyid = $certs['cert']; //公钥
        $res = openssl_verify($data, $unsignMsg, $pubkeyid); //验证

        echo $res?'证书测试成功！':'证书测试失败！';; //输出验证结果，1：验证成功，0：验证失败

    }


    public function getPublic_key(Request $request){

        $pubpath = "./cer/mhsh.text"; //密钥文件路径
        $pubkey = file_get_contents($pubpath); //获取密钥文件内容
        return $pubkey;

    }




}